The proactive safety market is consolidating additional as publicity administration vendor Tenable introduced its intent to accumulate Vulcan Cyber, a unified vulnerability administration (UVM) vendor that focuses on third social gathering vulnerability assortment, vulnerability response, and utility safety posture administration. This acquisition demonstrates how distributors are reacting to CISOs’ continued have to unify and consolidate their fragmented arsenal of safety instruments.
Tenable plans to finish the acquisition by the top of March 2025, for $147 million in money and $3 million in RSUs. Forrester estimates Vulcan Cyber’s ARR is ~$25M and that they’ve round 100 enterprise prospects. This acquisition underscores Tenable’s dedication to enhancing vulnerability response, complementing their current announcement supporting built-in patch administration capabilities. As assault surfaces develop throughout cloud, units, and functions, safety groups face the problem of managing various safety posture evaluation instruments that determine varied belongings and assess vulnerabilities. This fragmentation makes vulnerability prioritization and remediation monitoring difficult. Unified Vulnerability Administration firms like Vulcan Cyber consolidate and unify vulnerability sources from cloud safety, vulnerability scanners, endpoint safety, and extra to assist within the prioritization course of. This unification permits groups to use prioritization strategies and orchestrate and monitor remediation’s successfully. This acquisition additional aligns with Forrester’s analysis on proactive safety, which is made up of three core ideas: visibility, prioritization, and remediation.
Vulcan’s mannequin of Unified Vulnerability Administration, which ingests third-party vulnerabilities and improves response, addresses areas the place Tenable has historically not been as sturdy. Forrester expects Tenable to prioritize integrating Vulcan’s third-party connector ecosystem into their Tenable One platform, and leverage Vulcan’s ASPM capabilities. This integration will allow Tenable One prospects to tug in additional various vulnerability sources, from SAST/DAST to cloud safety suppliers, in the end bettering remediation response workflows and insights.
Unified Vulnerability Administration options have acknowledged the benefit for safety leaders of with the ability to ingest, combination, deduplicate, and triage findings from varied distributors and sorts of utility safety testing instruments. ASPM options, similar to Vulcan.io, advance this method by correlating points found throughout improvement and testing with utility deployment and runtime data. The contextualized prioritization focuses improvement and DevOps groups on addressing solely a very powerful enterprise impacting points, thereby enhancing improvement productiveness and minimizing danger. Furthermore, Vulcan Cyber’s ASPM providing additional permits Tenable to seize a bigger share of the applying safety funds.
With this acquisition, Tenable has expanded its vulnerability administration to reinforce remediation. Vulcan’s workflow engine permits safety and IT groups to construct and deploy customized playbooks that automate prioritization and remediation course of, decreasing guide overhead. Tenable One can leverage Vulcan’s means to seamlessly bridge vulnerability knowledge with DevOps toolchains.
This acquisition marks Tenable’s fifth in three years, following purchases in knowledge safety (Eureka), cloud safety (Ermetic), assault floor administration (Bit Discovery), and publicity administration (Cymptom). The proactive safety market is predicted to proceed consolidating by means of acquisitions and the unification of vulnerabilities and belongings from disparate instruments. Options like Unified Vulnerability Administration help vulnerability consolidation, whereas Cyber Asset Assault Floor Administration (CAASM) options help asset consolidation.
